The General Data Protection Regulation (GDPR), enforceable from May 25, 2018, requires significant changes in the way mobile apps and websites currently operate. Among its core requirements is the right to erasure (the "right to be forgotten"), which implies user-interface changes so that users can request deletion, as well as appropriate technical measures such as encryption of personal data in transit and in archives (GDPR names encryption as an example of an appropriate security measure rather than mandating it outright). Apps that use AI or machine learning also need changes in how data is processed and presented for users who exercise their right to restrict processing, and for profiling or automated decision-making that has a significant effect on them.
Why Is It Important?
- Transparency, fairness, and lawfulness in the handling and use of personal data
- Minimising the collection of personal data to what is necessary for the stated purpose
- Ensuring the accuracy of personal data and enabling it to be erased or rectified
- Limiting how long personal data is stored
- Ensuring the security, integrity, and confidentiality of personal data
- Expanded jurisdictional reach (organisations outside the EU that offer goods or services to, or monitor, people in the EU)
- Expanded definition of "personal data" (including online identifiers such as IP addresses and cookie IDs)
- Mandatory "appropriate technical and organisational [security] measures"
- Severe penalties (up to €20M or 4% of total worldwide annual turnover of the preceding financial year, whichever is higher)
How We Can Help
- Privacy framework for governance
- Training for the DPO (Data Protection Officer)
- Data inventory: identify processing activities and unlawfully held data
- Audit and mapping of data flows
- Compliance and technical gap analysis
- Information Commissioner notification support (e.g. for reporting personal data breaches)
- Implementing a Personal Information Management System (PIMS)
- Privacy gap / current-state assessment
- Implementation of an ISMS as per the ISO 27001 standard
- Defining and creating an incident response process
- Continuous monitoring and on-site consultancy
- Vulnerability assessment and penetration testing
- Yearly readiness audit